Yes, that's how we designed this feature.
Peter

-----Original Message-----
From: Shinji Matsunaga (Fujitsu) <shin.matsun...@fujitsu.com> 
Sent: Wednesday, October 4, 2023 4:19
To: Marko, Peter (ADV D EU SK BFS1) <peter.ma...@siemens.com>; 
richard.pur...@linuxfoundation.org
Cc: openembedded-core@lists.openembedded.org
Subject: RE: [OE-core] [PATCH] cve-check: Classify patched CVEs into 3 statuses

> Sorry for the late reply.
>
> In addition to the changes to meta/classes/cve-check.bbclass, does it mean 
> that the following processing needs to be added to 
> meta/conf/cve-check-map.conf?
> CVE_CHECK_STATUSMAP[out-of-range] = "Patched"
> CVE_CHECK_STATUSMAP[undecidable] = "Unpatched"
>
> Shinji
>
> -----Original Message-----
> From: Marko, Peter <peter.ma...@siemens.com>
> Sent: Thursday, September 21, 2023 6:46 PM
> To: Matsunaga, Shinji/松永 慎司 <shin.matsun...@fujitsu.com>; 
> richard.pur...@linuxfoundation.org
> Cc: openembedded-core@lists.openembedded.org
> Subject: RE: [OE-core] [PATCH] cve-check: Classify patched CVEs into 3 
> statuses
>
> We have recently introduced CVE_CHECK_STATUSMAP which should be used to 
> declare more detailed status information instead of introducing additional 
> statuses.
> In this case, "out of range" should be a subtype of patched and "undecidable" 
> a subtype of unpatched, I think.
>
> Peter
>
> -----Original Message-----
> From: openembedded-core@lists.openembedded.org 
> <openembedded-core@lists.openembedded.org> On Behalf Of Matsunaga-Shinji via 
> lists.openembedded.org
> Sent: Thursday, September 21, 2023 11:03
> To: richard.pur...@linuxfoundation.org
> Cc: openembedded-core@lists.openembedded.org; shin.matsun...@fujitsu.com
> Subject: [OE-core] [PATCH] cve-check: Classify patched CVEs into 3 statuses
>
> > CVEs that are currently considered "Patched" are classified into the 
> > following 3 statuses:
> > 1. "Patched"      - means that a patch file that fixed the vulnerability 
> > has been applied
> > 2. "Out of range" - means that the package version (PV) is not subject 
> > to the vulnerability
> > 3. "Undecidable"  - means that versions cannot be 
> > compared to determine if they are affected by the vulnerability
> > 
> > Signed-off-by: Shinji Matsunaga <shin.matsun...@fujitsu.com>